Insights

How Can You Use AI in a SOX Compliance Program?

In his latest article, Norman Marks investigates the evolving role of artificial intelligence (AI) in Sarbanes-Oxley (SOX) compliance, offering valuable insights into how AI can revolutionize internal controls and risk management practices. He explores the potential of AI to enhance the efficiency and effectiveness of SOX programs, from risk assessment to process documentation, and emphasizes the importance of maintaining a focus on financial statement integrity while navigating the opportunities and challenges AI presents.

Redefining Third-Party Risk Management: Unpacking the Complexities of the Extended Enterprise

As organizations continue to evolve in an increasingly interconnected world, it has become abundantly clear that the way we manage third-party relationships is at the heart of effective governance, risk management, and compliance (GRC). What was once seen as a linear process of managing external partnerships has now transformed into an intricate web of interconnected relationships that extend across global suppliers, contractors, service providers, and more. These third-party connections form what is known as the extended enterprise, and within this ecosystem lie some of the most pressing challenges organizations face today.

The Redemption of Regulatory Risk Management from Meaningless Ritual

In today's risk landscape, regulatory-driven practices often fail to deliver meaningful value. Graeme Keith examines the challenges and opportunities presented by the dichotomy between Risk Management 1 (RM1) and Risk Management 2 (RM2). By exploring the unintended consequences of regulatory pressure on risk management systems, Keith presents a case for evolving traditional risk practices into a more strategic, decision-supportive approach.

Is it a Myth That Cyber is the Top Risk?

In his most recent article, Norman Marks investigates whether cyber truly stands as the top risk for organizations today. While surveys consistently highlight cyber as one of, if not the leading risk, Norman dives deeper into the data and offers a unique perspective on whether this truly reflects the reality organizations face.

Do CLOs, CROs, & CAEs Have a Duty to Brief Boards on MCOs & Risks?

In his most recent article, Tim Leech explores whether Chief Legal Officers (CLOs), Chief Risk Officers (CROs), and Chief Audit Executives (CAEs) have a legal duty to brief the board on its fiduciary responsibilities related to escalating MCOs and associated risks. By diving into the roles of these executives, Tim Leech highlights their obligations to ensure that boards are well-informed about the risks that need to be managed and monitored to protect the organization.

UnitedHealth’s AI Revolution: Balancing Innovation with Governance in Healthcare

UnitedHealth Group is making waves in the healthcare sector with the launch of 1,000 artificial intelligence (AI) applications across its insurance, health services, and pharmacy units. This ambitious move, originally reported by the Wall Street Journal, to integrate AI into core business operations is a game-changer for the industry, offering potential to streamline workflows, enhance the customer experience, and support medical decision-making. However, as AI continues to shape the future of healthcare, its governance remains a critical concern, particularly when it comes to claims processing, data privacy, and ethical considerations.

Embracing Stewardship Beyond Ideology

In my previous article, Rethinking ESG: Rediscovering the Meaning of Stewardship, I explored the idea that ESG, at its core, is not a political tool or a passing trend but rather a commitment to stewardship—taking responsibility for the resources we use, the communities we affect, and the systems that govern our organizations. As we continue to see ESG become a focal point for both praise and criticism, it's essential that we reframe the conversation around its true meaning. In this follow-up, I’ll dig deeper into the layers of stewardship embedded within ESG, examining its practical application across the three pillars—environmental, social, and governance—and the critical role GRC (Governance, Risk, and Compliance) plays in making this vision a reality.